Installation

Prerequisites

Before installing osCommerce, we must ensure that the universe repositories are enabled on your system. Your /etc/apt/sources.list should resemble the following (you may have to uncomment or add the universe lines:)

If you had to enable new repositories, issue the following command to update your package lists:

apt-get update
apt-get upgrade

Before we begin installing osCommerce, we’ll need to install some additional PHP packages as well as the unzip tool. Run the following commands:

apt-get install unzip php5-gd php5-curl
/etc/init.d/apache2 restart

Installing osCommerce is straightforward and simple. cd into your document root directory and download the latest version of osCommerce. You can find the latest version available on the osCommerce website. Run the following commands to install osCommerce in the document root of your website:

If you want to install osCommerce in a folder, simply cd into that folder before downloading and unzipping the package. Now we’ll create a database for osCommerce, as well as a user for the new database:

Lastly, change the permissions on the following two configure.php files to allow the online setup process to work:

chmod 777 admin/includes/configure.php includes/configure.php

Web Configuration

At this point, you can finish the rest of the installation process through the web. Point your browser to the domain or IP of the osCommerce install and append /install/ to the end. In our example the URL would be http://www.example.com/install/. You’ll be prompted to fill in your database details. Use “localhost” for the address of the database server, and the credentials for the user and database we created above. The rest of the installation process is self explanatory. After the installation you’ll be able to see your store as well as the administrative interface.

Post Installation

After the installation, certain files need to be removed or renamed for security reasons. Be sure to substitute to correct paths for your particular configuration. First, we need to remove the installation folder:

rm -rf /srv/www/example.com/public_html/install

Change the permissions on configure.php to prevent security issues:

chmod 644 /srv/www/example.com/public_html/includes/configure.php

Change the permissions of the images and graphs directory to be accessible by the server:

Finally, change the permissions of the backups directory to be accessible by the server:

chmod -R 777 /srv/www/example.com/public_html/admin/backups

From here you can begin customizing your store. The default index page will give you instructions for where to begin. You can also check our “More Information” section below.

SSL Certificates

You may want to install a commercial SSL certificate on your store to encrypt the data sent from your customer to your server. After Obtaining a Commercial SSL Certificate, you’ll need to make a couple of changes to your includes/configure.php file. Below is an example section from that file that highlights the changes you need to make:

It should be noted that in this example, the certificate was issued without the www qualifier. Your specific requirements may require tweaking.

Monitor for Software Updates and Security Notices

When running software compiled or installed directly from sources provided by upstream developers, you are responsible for monitoring updates, bug fixes, and security issues. After becoming aware of releases and potential issues, update your software to resolve flaws and prevent possible system compromise. Monitoring releases and maintaining up to date versions of all software is crucial for the security and integrity of a system.

Please monitor the osCommerce security forums and mailing lists to ensure that you are aware of all updates to the software and can upgrade appropriately or apply patches and recompile as needed:

When upstream sources offer new releases, repeat the instructions for installing the osCommerce software as needed. These practices are crucial for the ongoing security and functioning of your system

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.